7 matches found
CVE-2025-66088
CVE-2025-66088 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin Property Hive (PropertyHive) versions up to and including 2.1.12. Multiple sources (NVD, Red Hat, CIRCL, CVE lists, and vulnerability enrichments) confirm that an incorrectly configured access co...
WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin PropertyHive versions = 2.1.12...
WordPress PropertyHive Plugin <= 2.0.9 is vulnerable to PHP Object Injection
Software PropertyHive Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.0.10 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-27985 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 245763d3996e Credits CatFather Required privilege Subscribe...
WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection
Software PropertyHive Type Plugin Vulnerable versions = 2.0.5 Fixed in 2.0.6 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-23513 Patch priority High CVSS severity High 8.7 Developer Claim ownership PSID 2d28e52553fa Credits Yudistira Arya Required privilege...
WordPress PropertyHive Plugin <= 1.5.52 is vulnerable to Cross Site Scripting (XSS)
Software PropertyHive Type Plugin Vulnerable versions = 1.5.52 Fixed in 1.5.53 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22706 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b9faa8c10632 Credits Nguyen Xuan Chien...
WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)
Software PropertyHive Type Plugin Vulnerable versions = 1.5.46 Fixed in 1.5.47 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29172 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f09421dbd25 Credits minhtuanact Requir...
WordPress PropertyHive plugin <=1.4.14 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found in WordPress PropertyHive plugin versions =1.4.14. Cross-Site Scripting possible via the body parameter "includes/admin/views/html-preview-applicant-matches-email.php". Solution Update the WordPress PropertyHive plugin to the latest available version a...